CIA Malware Unveiled

Since early 2017, the whistleblower website WikiLeaks has been publishing secret CIA documents and the malware the agency uses to take control of all sorts of electronic devices.

In the ongoing Vault 7 series, WikiLeaks has recently published documents from CIA contractor Raytheon Blackbird Technologies.

The leaked documents were submitted to the CIA between 21st Nov 2014 and 11th Sep 2015. The documents submitted by Raytheon contained proof-of-concept assessments for malware attack vectors. It should be noted that Raytheon acted as a technology scout for CIA’s Remote Development Branch (RDB). The scout made recommendations to the CIA teams for further research and malware development.

These are the five CIA-Raytheon malware samples described in the leaked documents:

1. HTTPBrowser RAT

The first document introduces a new variant of the HTTPBrowser Remote Access Tool (RAT). The malware’s dropper carries a zip file containing three files. The RAT captures keystrokes and writes them to a file, and it continuously talks to its C&C (command and control) server over clear-text communications.

2. NfLog

The NfLog RAT is also known as IsSpace. This new malware variant is deployed using the leaked Hacking Team Adobe Flash exploit for CVE-2015-5122. For C&C communications, NfLog also uses the Google App Engine. It attempts a User Account Control (UAC) bypass to escalate privileges on the Windows operating system.

3. Regin

Regin is a sophisticated malware sample that has been in use since as early as 2008, with a new iteration appearing in 2013. What makes Regin special is its modular architecture, which grants flexibility to the attackers.

It also has the capability to hide itself from detection. An attack via Regin is carried out in five stages, with the last stage providing functionality such as file system access, networking, event logging, port loading, rootkit functions, etc.

4. HammerToss

HammerToss is probably Russian-sponsored malware. It leverages compromised websites, GitHub, Twitter accounts, and cloud storage to handle its C&C functions. Written in C#, HammerToss uses a dedicated program to create new Twitter accounts and uses them to issue commands and retrieve the data uploaded from the victim.

5. Gamker

Gamker is an information-stealing Trojan that uses self-code injection to ensure that nothing is written to disk. Gamker also gains some obfuscation by using Assembly-language instructions in its hooking routine.

Source: FossBytes.com
